× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2004

Re: Not authorized to spooled file - CPF3492

> Did you also change 'authority to check'?
no - (did a CRTOUTQ with all defaults)
my point was that edtobjaut of an outq and/or the lib it is in
is not enough to secure spooled files.
jim

----- Original Message ----- 
From: <rob@xxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Friday, September 24, 2004 9:02 AM
Subject: Re: Not authorized to spooled file - CPF3492


> Did you also change 'authority to check'?
>
> Rob Berendt
> -- 
> Group Dekko Services, LLC
> Dept 01.073
> PO Box 2000
> Dock 108
> 6928N 400E
> Kendallville, IN 46755
> http://www.dekko.com
>
>
>
>
>
> "Jim Franz" <franz400@xxxxxxxxxxxx>
> Sent by: midrange-l-bounces@xxxxxxxxxxxx
> 09/23/2004 08:34 PM
> Please respond to
> Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
>
>
> To
> "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
> cc
>
> Fax to
>
> Subject
> Re: Not authorized to spooled file - CPF3492
>
>
>
>
>
>
> > Authority to a spool file IS filtered through an output queue.
> i think yes, "but ...  ".
> I  used qsecofr to create & own both an outq & the lib it is in, and
> excluded *public from both. Copied 2 spools into the outq, created a new
> profile, user class *user & only special attr was *splctl.
> New user can read & display all spools in qsecofr owned & *public excluded
> outq.
> It's a lengthy explanation as to how to setup secure outqs (see prev posts
> or better yet, Security Ref or I like Carol Woodbury's Security book and
> it's detailed explanation).
> I think the key is the CRTOUTQ  parm DSPDTA  with default *NO and here is
> help text:
> ( and note the phrase "unless they have some special authority" (which is
> *splctl))
>                     Display any file (DSPDTA) - Help
> Specifies whether users who have authority to read the output queue can
> display the data of any spooled file on the queue or only the data in
> their own files.
> *NO
>     Users authorized to use the queue can display, copy, or send the
>     data from their own files only, unless they have some special
>     authority.
>  *YES
>     Any user having authority to read the queue can display, copy, or
>     send the data of any file on the queue.
>
> jim franz
>
> ----- Original Message ----- 
> From: <rob@xxxxxxxxx>
> To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
> Sent: Thursday, September 23, 2004 5:21 PM
> Subject: RE: [SPAM] Re: Not authorized to spooled file - CPF3492
>
>
> > Authority to a spool file IS filtered through an output queue.
> >
> >
> > Rob Berendt
> > -- 
> > Group Dekko Services, LLC
> > Dept 01.073
> > PO Box 2000
> > Dock 108
> > 6928N 400E
> > Kendallville, IN 46755
> > http://www.dekko.com
> >
> >
> >
> >
> >
> > Vern Hamberg <vhamberg@xxxxxxxxxxxxxxxxxxxxxxxxx>
> > Sent by: midrange-l-bounces@xxxxxxxxxxxx
> > 09/23/2004 04:06 PM
> > Please respond to
> > Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
> >
> >
> > To
> > Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
> > cc
> >
> > Fax to
> >
> > Subject
> > RE: [SPAM] Re: Not authorized to spooled file - CPF3492
> >
> >
> >
> >
> >
> >
> > An outq is a list - it does not actually contain any spooled files.
> Those
> > are a kind of abstraction - the actual "file" is part of a physical file
> > member in library QSPL. AFAIK, authority to a spooled file is not
> filtered
> >
> > through the outq, so a command like DSPSPLF can be run without using
> > option
> > 5 on a WRKOUTQ panel.
> >
> > Could be wrong, however.   ;-)
> > Vern
> >
> > At 03:43 PM 9/23/2004, you wrote:
> > >If you have *splctl, but you are excluded from the library where the
> outq
> > >is, how can you get at the splf?
> > >
> > >-----Original Message-----
> > >From: midrange-l-bounces@xxxxxxxxxxxx
> > >[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
> > >Sent: Thursday, September 23, 2004 3:38 PM
> > >To: Midrange Systems Technical Discussion
> > >Subject: [SPAM] Re: Not authorized to spooled file - CPF3492
> > >
> > >just be aware *splctl is the "qsecofr" of spool files.
> > >any user with splctl can view any spool file (payroll, etc).
> > >jim
>
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.